aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/patches/931_parse-url.patch21
-rw-r--r--debian/patches/series1
2 files changed, 22 insertions, 0 deletions
diff --git a/debian/patches/931_parse-url.patch b/debian/patches/931_parse-url.patch
new file mode 100644
index 0000000..f7de9f5
--- /dev/null
+++ b/debian/patches/931_parse-url.patch
@@ -0,0 +1,21 @@
+Subject: Prevent global-buffer-overflow in parseURL()
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/41
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ba9d78faeba9024c3e8840579c3b0e959ae2cb0f
+
+diff --git a/url.c b/url.c
+index 10089ca..fc213da 100644
+--- a/url.c
++++ b/url.c
+@@ -841,7 +841,10 @@ parseURL(char *url, ParsedURL *p_url, ParsedURL *current)
+ case '#':
+ p_url->host = copyPath(q, p - q,
+ COPYPATH_SPC_IGNORE | COPYPATH_LOWERCASE);
+- p_url->port = DefaultPort[p_url->scheme];
++ if (p_url->scheme != SCM_UNKNOWN)
++ p_url->port = DefaultPort[p_url->scheme];
++ else
++ p_url->port = 0;
+ break;
+ }
+ analyze_file:
diff --git a/debian/patches/series b/debian/patches/series
index 3db0170..3acd91e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -66,3 +66,4 @@
928_form-id.patch
929_anchor.patch
930_tbl-mode.patch
+931_parse-url.patch